Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\User\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\User\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-10] (Intel Corporation -> )
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
2019-02-13 15:43 - 2019-02-13 15:48 - 148752487 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_03.exe
2019-02-11 21:42 - 2019-02-11 21:42 - 000082015 _____ C:\Users\User\Desktop\mobo rebate.pdf
2019-02-11 21:41 - 2019-02-11 21:41 - 000141660 _____ C:\Users\User\Desktop\cpu h20 cooler rebate.pdf
2019-02-11 21:41 - 2019-02-11 21:41 - 000112276 _____ C:\Users\User\Desktop\vid card rebate.pdf
2019-02-11 21:40 - 2019-02-11 21:40 - 000023096 _____ C:\Users\User\Desktop\power supply rebate.pdf
2019-02-10 13:34 - 2019-02-10 17:47 - 000261032 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2019-02-10 09:06 - 2019-02-08 02:22 - 000362888 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2019-02-08 19:55 - 2019-02-08 19:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 17:21 - 2019-02-08 17:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2019-02-08 17:21 - 2019-02-08 17:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2019-02-08 17:21 - 2019-02-08 17:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2019-02-08 17:21 - 2019-02-08 17:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-07 22:00 - 2019-02-10 03:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-07 21:43 - 2019-02-07 21:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-01-27 13:22 - 2019-01-27 13:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-16 16:58 - 2019-01-16 16:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-13 18:33 - 2009-07-13 20:45 - 000026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-13 18:33 - 2009-07-13 20:45 - 000026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-13 18:12 - 2018-02-12 20:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-13 17:45 - 2009-07-13 21:13 - 000783606 _____ C:\Windows\System32\PerfStringBackup.INI
2019-02-13 17:34 - 2009-07-13 18:34 - 019873792 _____ C:\Windows\System32\config\HARDWARE
2019-02-13 15:27 - 2018-12-13 18:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-13 15:26 - 2018-10-12 16:53 - 002433536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-10 13:33 - 2018-02-13 17:36 - 000152688 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2019-02-09 15:51 - 2009-07-13 21:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 00:23 - 2018-07-04 08:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 19:15 - 2018-02-13 14:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 02:22 - 2019-01-06 03:20 - 000037104 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArDisk.sys
2019-02-08 02:22 - 2019-01-06 03:20 - 000037104 _____ (AVAST Software) C:\Windows\System32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 001034432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 001034432 _____ (AVAST Software) C:\Windows\System32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000474456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000474456 _____ (AVAST Software) C:\Windows\System32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000379952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000379952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000216784 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000216784 _____ (AVAST Software) C:\Windows\System32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000205400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000205400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000167304 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000167304 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000112312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000112312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000087944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000087944 _____ (AVAST Software) C:\Windows\System32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000042288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000042288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 02:21 - 2019-01-14 07:20 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdriver.sys
2019-02-08 02:21 - 2019-01-14 07:20 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\asw29e12adc2b8c9717.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000320696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswblog.sys
2019-02-08 02:21 - 2019-01-06 03:20 - 000320696 _____ (AVAST Software) C:\Windows\System32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000196072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000196072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsh.sys
2019-02-08 02:21 - 2019-01-06 03:20 - 000057960 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000057960 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniv.sys
2019-02-02 16:53 - 2009-07-13 18:34 - 086769664 _____ C:\Windows\System32\config\software.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 020447232 _____ C:\Windows\System32\config\system.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 001572864 _____ C:\Windows\System32\config\default.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 000028672 _____ C:\Windows\System32\config\sam.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 000024576 _____ C:\Windows\System32\config\security.rcbak
2019-02-02 16:52 - 2009-07-13 18:34 - 046661632 _____ C:\Windows\System32\config\components.rcbak
2019-02-01 21:07 - 2018-02-13 15:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 03:40 - 2018-02-13 15:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 03:03 - 2018-06-26 16:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
[2018-03-22 17:35] - [2017-12-31 17:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41
[2018-11-13 16:48] - [2018-11-10 17:25] - 000516608 _____ (Microsoft Corporation) C4AF5F835F7F88235FBBB5E5A8380988
[2018-07-10 16:02] - [2018-06-08 08:19] - 000357888 _____ (Microsoft Corporation) 9B86DF86D1EFF32893BC3FB49BFAA993
[2018-07-10 16:02] - [2018-06-08 07:54] - 000269824 _____ (Microsoft Corporation) 4A35D7B172AFF9C6B362D7297568836A
Drive y: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by User (administrator) on USER-PC (14-02-2019 00:31:42)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\non-os\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\non-os\Avast\aswidsagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AVAST Software) C:\non-os\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-13] (Google LLC -> Google Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A85C905-A85F-4151-BAFC-F388992A3B15}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2019-01-01] ()
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2019-01-01] ()
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-02-14]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-12]
CHR Extension: (iCloud Bookmarks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-12-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-13]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-02-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-14 00:31 - 2019-02-14 00:33 - 000018134 _____ C:\Users\User\Desktop\FRST.txt
2019-02-13 18:43 - 2019-02-13 18:48 - 148752487 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_03.exe
2019-02-12 23:29 - 2019-02-12 23:29 - 000000000 __SHD C:\found.000
2019-02-12 00:42 - 2019-02-12 00:42 - 000082015 _____ C:\Users\User\Desktop\mobo rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000141660 _____ C:\Users\User\Desktop\cpu h20 cooler rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000112276 _____ C:\Users\User\Desktop\vid card rebate.pdf
2019-02-12 00:40 - 2019-02-12 00:40 - 000023096 _____ C:\Users\User\Desktop\power supply rebate.pdf
2019-02-10 16:34 - 2019-02-10 20:47 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-10 12:06 - 2019-02-08 05:22 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-02-08 23:23 - 2019-02-10 06:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2019-02-08 22:55 - 2019-02-08 22:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 20:21 - 2019-02-08 20:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-08 20:21 - 2019-02-08 20:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-08 05:23 - 2019-02-08 05:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-02-08 01:00 - 2019-02-10 06:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-08 00:43 - 2019-02-08 00:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-08 00:43 - 2019-02-08 00:43 - 000000000 ____D C:\RegBackup
2019-01-27 16:22 - 2019-01-27 16:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\Program Files\iPod
2019-01-27 16:03 - 2019-01-27 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-16 19:58 - 2019-01-16 19:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-14 00:31 - 2018-12-31 16:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-14 00:31 - 2018-12-26 21:18 - 000000000 ____D C:\FRST
2019-02-14 00:29 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-14 00:29 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-13 21:33 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-13 21:33 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-13 20:45 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-13 20:45 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-02-13 20:34 - 2009-07-13 21:34 - 019873792 _____ C:\Windows\system32\config\HARDWARE
2019-02-13 18:27 - 2018-12-13 21:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-13 18:26 - 2018-10-12 19:53 - 002433536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-12 23:22 - 2018-11-03 21:52 - 000910342 _____ C:\Windows\ntbtlog.txt
2019-02-12 22:26 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-10 16:33 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-09 18:51 - 2009-07-14 00:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 03:23 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 23:24 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2019-02-08 22:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-08 22:15 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 05:21 - 2019-01-14 10:20 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-02-08 05:21 - 2019-01-14 10:20 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw29e12adc2b8c9717.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-02-08 05:00 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 19:53 - 2009-07-13 21:34 - 086769664 _____ C:\Windows\system32\config\software.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 020447232 _____ C:\Windows\system32\config\system.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 001572864 _____ C:\Windows\system32\config\default.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2019-02-02 19:52 - 2009-07-13 21:34 - 046661632 _____ C:\Windows\system32\config\components.rcbak
2019-02-02 18:26 - 2018-12-09 13:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-02 00:07 - 2018-02-13 18:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 06:40 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 06:03 - 2018-06-26 19:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
==================== Files in the root of some directories =======
2018-12-01 16:39 - 2018-12-01 16:39 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-02-13 22:12
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by User (14-02-2019 00:34:00)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.4.0.1.03 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.4.0.1.03 - Aslain)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3 PRO - MP3 Rocket Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0174FE8C-A0CF-46B3-B938-7630C1ECC3EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0C21FBD4-0AFD-412C-842E-8ED3417942F5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {E6F32968-0213-4D6D-898C-CC243D51FCE1} - System32\Tasks\Avast Emergency Update => C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eafae96818e1883\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
==================== Loaded Modules (Whitelisted) ==============
2019-02-08 05:22 - 2019-02-08 05:22 - 000654216 _____ () C:\non-os\Avast\streamback.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000321928 _____ () C:\non-os\Avast\serialization.dll
2019-02-13 18:21 - 2019-02-13 18:21 - 006877328 _____ () C:\non-os\Avast\defs\19021304\algo64.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000556936 _____ () C:\non-os\Avast\gui_cache.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 002024840 _____ () C:\non-os\Avast\shepherdsync.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2019-02-13 18:27 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\non-os\CCleaner\CCleaner64.exe" /MONITOR
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe (Google Inc -> Google Inc.)
FirewallRules: [{5CC1D8DE-53FE-4676-9806-98AA78CBA5B3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{1082144C-4AB0-4097-AE33-497ACC3AED5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F340EBE-F9EC-4CA5-B371-E454FB6B967B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C88F9AE-E3A6-4EB7-B6EE-EBC115CED021}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{607B9A66-5F97-4728-B6ED-C161DA13D4C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{C627DD23-1741-49C5-9D0B-90860D6BF701}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [UDP Query User{0586A64D-566E-4700-B9D3-464B39902344}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{D4704BBE-0CFE-4BB8-A9B6-4390C2A3BB81}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{E86DC197-210B-4146-AA71-9DAFEE56F332}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{6EB8FEA4-E0CE-4CBC-8C51-DE2A359AB171}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{EB38BA06-F044-45F0-8E05-8CF207CAC57E}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{2A48BF9C-EBD8-4416-8027-3DF2FA1EBE47}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{47AA7DF3-D911-4A4E-88CD-B801E7250B30}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{93D8C5FC-A6D1-4325-AE0D-E94D1ADA586E}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{65EF0972-7182-4D16-8A1F-AD6D5C90ABFB}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B3B26794-6F84-4ECA-A1D3-68D9C96E0ECF}] => (Allow) C:\non-os\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D94D36F-A5AA-4B29-B7C2-B92CB0FE7530}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{033E27C5-B27E-4B3D-9070-7E5B6FB5C3A5}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A87C6766-180F-4E11-8AC5-4B6B145FD6D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
10-02-2019 06:07:04 Removed RT 7 Lite x64
13-02-2019 18:26:49 Restore Point Created by FRST
13-02-2019 20:48:46 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/14/2019 12:29:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/13/2019 09:13:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/13/2019 08:41:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/13/2019 06:32:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/13/2019 06:26:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c484f51a-6dcd-4494-9c10-fc330a733563}
Error: (02/13/2019 06:19:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/12/2019 11:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/12/2019 11:23:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (02/14/2019 12:31:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
Error: (02/14/2019 12:30:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/14/2019 12:30:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 09:13:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2019 09:13:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 09:13:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
Error: (02/13/2019 08:41:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (02/13/2019 08:40:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2018-12-02 02:59:06.459
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-02 02:59:06.225
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-02 02:59:00.999
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-02 02:59:00.656
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-02 02:58:58.269
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-02 02:58:58.035
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-02 02:58:55.867
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-02 02:58:55.571
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 32%
Total physical RAM: 8080.36 MB
Available physical RAM: 5419.04 MB
Total Virtual: 20198.5 MB
Available Virtual: 17531.88 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:810.43 GB) NTFS
Drive e: (Windows 7) (Removable) (Total:7.26 GB) (Free:7.19 GB) NTFS
\\?\Volume{9ff80743-108f-11e8-9196-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================